20100203 securing the system - plembo/onemoretech GitHub Wiki

title: Securing the system
link: https://onemoretech.wordpress.com/2010/02/03/securing-the-system/
author: lembobro
description:
post_id: 197
created: 2010/02/03 05:29:20
created_gmt: 2010/02/03 05:29:20
comment_status: open
post_name: securing-the-system
status: publish
post_type: post

Securing the system

“Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication.”

That’s a quote from Dennis Blair, the U.S. Director of National Intelligence, at a Senate hearing today.

Unfortunately, nearly all efforts to defend our networks focus on the networks rather than the software that runs on them, the software that we all interact with directly.

Layer 7 (application) security is the final frontier. It is also the only line of defense that really matters. Firewalls can be breached. Network protocols can be manipulated. In the end, if the software can’t defend itself, the odds are against you. Gary McGraw and others have been saying this for years, decades even.

There’s lots that could be done to fix the problem: making everything authenticate using certificates over secure channels (e.g. SSL/TLS), for one thing; doing real due diligence in applying the latest patches, for another; and giving your senior engineer time to download and learn Metasploit so he can do some serious security assessments of his own.
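Added example, not part of the original post: the first of those fixes, certificate-based mutual authentication over TLS, written out in Go. A throwaway in-process CA issues a server certificate and a client certificate, the server is configured to require and verify a client certificate, and three connections then show that a client with no certificate and a client holding a certificate from a different CA are both refused while the CA-issued client is admitted. The CA and certificate names (demo-ca, rogue-ca, good-client, rogue-client), the loopback port and the helper functions are this example’s own assumptions, not anything from the post.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) { // setup failures are fatal in a throwaway in-process PKI
	if err != nil {
		panic(err)
	}
}

// issueCert mints a short-lived ECDSA P-256 certificate: a self-signed CA when parent is nil, otherwise a leaf signed by parent/parentKey.
func issueCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo only; a real CA uses random serials
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer, signKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		tmpl.IPAddresses = []net.IP{net.IPv4(127, 0, 0, 1)} // leaves get a loopback SAN so the server cert verifies for 127.0.0.1
		signer, signKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// RunMTLSDemo starts a mutually authenticated TLS server on loopback and probes it with three clients,
// reporting which were admitted: no certificate, a certificate from the trusted CA, and one from an unrelated CA.
func RunMTLSDemo() (noCert, trustedCert, untrustedCert bool) {
	ca, caKey := issueCert("demo-ca", nil, nil)
	srv, srvKey := issueCert("127.0.0.1", ca, caKey)
	cli, cliKey := issueCert("good-client", ca, caKey)
	rogueCA, rogueCAKey := issueCert("rogue-ca", nil, nil)
	rogue, rogueKey := issueCert("rogue-client", rogueCA, rogueCAKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the hardening: no CA-issued client cert, no service
		ClientCAs:    trusted,
		MinVersion:   tls.VersionTLS12,
	})
	check(err)
	defer ln.Close()
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			c.Write([]byte("ok\n")) // runs the handshake; for a rejected client it fails after the alert is sent
			c.Close()
		}
	}()
	// connect reports whether the server served application data. Reading after Dial matters: under TLS 1.3 the
	// client's handshake completes before the server has examined the client certificate, so a rejection only
	// surfaces as an alert on the first Read.
	connect := func(certs []tls.Certificate) bool {
		cfg := &tls.Config{RootCAs: trusted, Certificates: certs, MinVersion: tls.VersionTLS12}
		conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
		if err != nil {
			return false
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		buf := make([]byte, 3)
		n, err := conn.Read(buf)
		return err == nil && string(buf[:n]) == "ok\n"
	}
	noCert = connect(nil)
	trustedCert = connect([]tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}})
	untrustedCert = connect([]tls.Certificate{{Certificate: [][]byte{rogue.Raw}, PrivateKey: rogueKey}})
	return
}

func main() {
	fmt.Println(RunMTLSDemo()) // expect: false true false
}
```

Run it with go run; the server binds an ephemeral loopback port. Two details matter in practice: ClientAuth must be RequireAndVerifyClientCert (the weaker RequestClientCert and VerifyClientCertIfGiven settings still admit anonymous clients, and RequireAnyClientCert accepts a certificate without checking who issued it), and under TLS 1.3 a client cannot learn from Dial alone whether its certificate was accepted, because the server’s verdict arrives as an alert after the client’s side of the handshake has already finished.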

If I were still in my twenties without the responsibility of a mortgage and the wonderful privilege of raising a family, I think I’d want to be right out on the front lines dealing with this issue. Hopefully a new generation of young computer scientists with a desire to serve their country will rise to the occasion.

Here’s Marcus Ranum last November at TEDx, explaining the importance of software security.

The idea behind this talk has been in the back of my mind for the better part of a decade, ever since I started looking closely at FTP, and wondering “if the guys who coded that knew it’d be around for this long, would they have done it differently?”

Copyright 2004-2019 Phil Lembo